Risk Management

The Apache Log4J Vulnerability: Questionnaire & VRM Tips

Apache Log4j 2, a Java-based logging library, was affected by a zero-day vulnerability on December 9, 2021. The vulnerability, known as Log4Shell and identified by the National Institute of Standards and Technology (NIST) as CVE-2021-44228, allows cybercriminals to take control of vulnerable systems and servers. Many web applications, open-source cloud platforms, and service providers utilize Log4j.

5 Considerations for an Effective Healthcare Risk Management System

The healthcare industry is no exception to the rapid levels of transformation we’re seeing across multiple industries right now. As more facilities begin to leverage electronic health records (EHRs) and internet-connected medical devices for patient care, organizations are becoming more reliant on advanced technologies. While these changes have helped advance patient care in many ways, they have also introduced the healthcare sector to greater levels of risk.

Analyzing the Biggest Cybersecurity Exposure and Threat Events from 2023

The last 12 months have been awash with incidents that led to significant data breaches, government regulatory and legal sanctions, and loss of business services availability. In 2023 we saw the most private personally identifiable information exposed, business services shut down, and CISOs fired—and even charged for legal violations by the federal government.

Quantify Cyber Materiality When Navigating APRA's Regulations

In response to the growing number of malicious actors that have managed to exploit cybersecurity vulnerabilities and cause irreparable damage to organizations, governments worldwide have decided to intervene, recognizing a need for a systematic approach to safeguarding national assets. Helping to lead the way in this institutionalized effort is the Australian Prudential Regulation Authority (APRA).

Cloud Monitoring: Critical for Business Success

Cloud Monitoring is a crucial part of the security stack for many modern enterprises. More businesses have continued to shift their services and operational activity into the cloud in the form of Software (SaaS), Platform (PaaS), and Infrastructure as a Service (IaaS). They have done this for several reasons, including: This is taking place in both small- and large-scale enterprises. Threat actors have responded by targeting cloud services with increased frequency.

3 Steps Government Policymakers Can Take to Reduce Critical Infrastructure Cyber Attacks

Recent research identifying nearly 100,000 exposed industrial control systems (ICS) around the world should serve as a critical wake-up call to national government policymakers responsible for ensuring national security, public health, and safety within their borders. These systems, fundamental to our critical infrastructure, underpin essential services that sustain modern society… and they should not be publicly exposed on the Internet!

WatchGuard Endpoint Risk Assessment Demo - How to Activate It

Discover your company's hidden risks with WatchGuard Endpoint Risk Assessment. This essential tool dives deep into endpoint security, unveiling vulnerabilities from zero-day malware to end-of-life software. It's not just a practice. It's your shield against major security breaches, ensuring the continuity and protection of your business.

What is a Cybersecurity Assessment?

Routine cybersecurity assessments are a crucial component of a holistic risk management program. Your organization must keep an eye on the cyber hygiene of its entire ecosystem, including third- and fourth-party vendors, at all times. A cybersecurity risk assessment allows you to do this by identifying the cyber risks that affect your security posture, which leads to more informed decision-making on how best to allocate funds, implement security controls, and protect the network.

Domain (in)security: the state of DMARC

As people have grown comfortable with e-commerce and email correspondence, the techniques of scammers have become increasingly sophisticated and hard to detect. Many of us have heard of phishing attacks, in which bad actors coerce people into handing over sensitive information. These are usually carried out by impersonating a trusted third party – and overwhelmingly through email (Deloitte, 2020).